Backdoor.Tidserv!in - wie werde ich diesen Trojaner los?

#0
30.03.2010, 16:50
Member

Beiträge: 12
#1 Hallo,

ich hab keine Ahnung wie, aber ich hab mir vor kurzem unglücklicherweise diesen Trojaner eingefangen ->http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-111113-1112-99

Das Problem ist dass ich ihn mit Norton 360 nicht entfernen kann, das Programm schreibt ich soll ihn manuell entfernen, nur wie?

In anderen Foren wurde mir schon geraten den PC neu aufzusetzen weil ich diesen Trojaner nicht mehr wegbekommen würde. Entspricht das der Wahrheit?

Ich wollte euch nochmal um Hilfe bitten, da ihr wirklich äußerst kompetent seid.

Vielen vielen Dank im Voraus.
Seitenanfang Seitenende
30.03.2010, 17:04
Member

Beiträge: 3716
#2 bitte abarbeiten, logs posten.
http://board.protecus.de/t23188.htm
auch combofix log bitet.
Seitenanfang Seitenende
31.03.2010, 10:24
Member

Themenstarter

Beiträge: 12
#3 Mach ich, das lustige im momentan nur dass ich am PC kaum mehr arbeiten kann, da der Virus auch mein Norton 360 lahm gelegt hat. Das Antivirentool lässt sich nicht mehr aktivieren.
Seitenanfang Seitenende
31.03.2010, 12:08
Member

Themenstarter

Beiträge: 12
#4 Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

31.03.2010 12:08:03
mbam-log-2010-03-31 (12-08-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 110867
Laufzeit: 14 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Paul\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
Seitenanfang Seitenende
31.03.2010, 15:08
Member

Themenstarter

Beiträge: 12
#5 GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-31 15:01:33
Windows 6.0.6002 Service Pack 2
Running: dzjjqic4.exe; Driver: C:\Users\Paul\AppData\Local\Temp\ugrdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8AFCBEEE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8AFCC0E0]
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x8B06BBD6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8AFCC2E8]

INT 0x52 ? 8716FF00
INT 0x62 ? 8716FF00
INT 0x72 ? 86137BF8
INT 0x82 ? 86137BF8
INT 0x92 ? 8613BBF8
INT 0xA3 ? 8716FF00
INT 0xB2 ? 8716FF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 82AF096C 8 Bytes [EE, BE, FC, 8A, E0, C0, FC, ...]
.text ntkrnlpa.exe!KeSetEvent + 621 82AF0D84 4 Bytes [D6, BB, 06, 8B]
.text ntkrnlpa.exe!KeSetEvent + 6E5 82AF0E48 4 Bytes CALL 3E3A0B0F
? System32\Drivers\spqa.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8F90441B 5 Bytes JMP 8716F4E0
.text ari8f48z.SYS 8FC65000 22 Bytes [82, 83, A1, 82, 6C, 82, A1, ...]
.text ari8f48z.SYS 8FC65017 106 Bytes [00, 32, 37, 7A, 80, 3D, 35, ...]
.text ari8f48z.SYS 8FC65082 74 Bytes [A5, 82, E7, 20, A5, 82, C6, ...]
.text ari8f48z.SYS 8FC650CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ari8f48z.SYS 8FC650DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806996D6] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80699042] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80699800] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806990C0] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069913E] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A8E9C] \SystemRoot\System32\Drivers\spqa.sys
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73897817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7389BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7388F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7388E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [738C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7389DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7388FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7388FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7391CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7388D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73886853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7388687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73892AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8613D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 861391F8
Device \Driver\usbuhci \Device\USBPDO-0 86F051F8
Device \Driver\usbuhci \Device\USBPDO-1 86F051F8
Device \Driver\usbehci \Device\USBPDO-2 86F061F8
Device \Driver\usbuhci \Device\USBPDO-3 86F051F8
Device \Driver\usbuhci \Device\USBPDO-4 86F051F8
Device \Driver\usbuhci \Device\USBPDO-5 86F051F8
Device \Driver\usbehci \Device\USBPDO-6 86F061F8
Device \Driver\volmgr \Device\HarddiskVolume1 861391F8
Device \Driver\volmgr \Device\HarddiskVolume2 861391F8
Device \Driver\cdrom \Device\CdRom0 86FB91F8
Device \Driver\volmgr \Device\HarddiskVolume3 861391F8
Device \Driver\cdrom \Device\CdRom1 86FB91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8613C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8AF08580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8613C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8613C1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AF08580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\PCI_PNP0944 \Device\00000066 spqa.sys
Device \Driver\cdrom \Device\CdRom2 86FB91F8
Device \Driver\volmgr \Device\HarddiskVolume4 861391F8
Device \Driver\sptd \Device\793772956 spqa.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86FC51F8
Device \Driver\usbuhci \Device\USBFDO-0 86F051F8
Device \Driver\usbuhci \Device\USBFDO-1 86F051F8
Device \Driver\usbehci \Device\USBFDO-2 86F061F8
Device \Driver\usbuhci \Device\USBFDO-3 86F051F8
Device \Driver\usbuhci \Device\USBFDO-4 86F051F8
Device \Driver\usbuhci \Device\USBFDO-5 86F051F8
Device \Driver\usbehci \Device\USBFDO-6 86F061F8
Device \Driver\ari8f48z \Device\Scsi\ari8f48z1Port4Path0Target1Lun0 86FC11F8
Device \Driver\ari8f48z \Device\Scsi\ari8f48z1 86FC11F8
Device \Driver\ari8f48z \Device\Scsi\ari8f48z1Port4Path0Target0Lun0 86FC11F8
Device \FileSystem\cdfs \Cdfs 86CDE500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52@0024ef8e5113 0x38 0x42 0x64 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52@001e45d41295 0xE7 0x62 0x44 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52@0024ef8e5113 0x38 0x42 0x64 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52@001e45d41295 0xE7 0x62 0x44 0x8D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ...

---- EOF - GMER 1.0.15 ----
Seitenanfang Seitenende
31.03.2010, 15:18
Member

Themenstarter

Beiträge: 12
#6 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:34, on 31.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdecoms.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\3DataManager\WTGService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.Exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Paul\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Window Arrangment on Splitted Screen] C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17457 bytes
Seitenanfang Seitenende
31.03.2010, 15:19
Member

Themenstarter

Beiträge: 12
#7 32 Bit HP CIO Components Installer
3DataManager
ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Crystal Eye Webcam
Acer eAudio Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader 9.2 - Deutsch
Adobe Shockwave Player 11.5
AGEIA PhysX v7.09.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Browser Defender 2.0.6.15
Der Schreibtrainer 3.7
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Duden Rechtschreibtrainer
Glary Utilities Pro 2.16.0.758
Google Talk Plugin
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6.5
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Launch Manager
Lexmark 4800 Series
LimeWire PRO 5.3.6
Malwarebytes' Anti-Malware
Maxtor Manager
Maxtor Manager
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.2pre)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Norton 360 Premier Edition
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 3
PowerProducer
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Safari
Secunia PSI
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 7.0
Synaptics Pointing Device Driver
TuneUp Utilities
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Vista Codec Package
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.8a
VoiceOver Kit
Vuze
Warcraft III
WIDCOMM Bluetooth Software 6.0.1.4900
Winamp
Winamp Remote
Winbond CIR Drivers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Live-Uploadtool
WinRAR archiver
Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
Wolfram Notebook Indexer 2.0
Yahoo! Toolbar
Seitenanfang Seitenende
31.03.2010, 15:31
Member

Beiträge: 3716
#8 ok, nun combofix.
Seitenanfang Seitenende
31.03.2010, 15:43
Member

Themenstarter

Beiträge: 12
#9

Dies ist mit Norton geschehen nachdem der Virus/Trojaner aktiv wurde. Und ich kann es nicht mehr aktivieren, alle wichtigen Funktionen sind deaktiviert!



Bei combofix bin ich gerade dabei. Danke einstweilen für deine Hilfe.

Edit:
Komisch, die Bilder kann man nicht sehen, obwohl ich sie ordnungsgemäß eingebunden habe.

Hier die URL:

https://cid-49e5187c5d3b557b.skydrive.live.com/self.aspx/.Documents/Norton/Unbenannt-1.jpg

https://cid-49e5187c5d3b557b.skydrive.live.com/self.aspx/.Documents/Norton/Unbenannt-3.jpg
Seitenanfang Seitenende
31.03.2010, 16:07
Member

Beiträge: 3716
#10 kriegen wir schon hin, immer locker.
Seitenanfang Seitenende
01.04.2010, 00:52
Member

Themenstarter

Beiträge: 12
#11 Okay ;)

Hoffe das ist der richtige.

ComboFix 10-03-29.04 - Paul 31.03.2010 15:56:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3069.1843 [GMT 2:00]
ausgeführt von:: c:\users\Paul\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul\AppData\Roaming\inst.exe
c:\windows\system32\ActNAV_cltDynam.dat

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-31 ))))))))))))))))))))))))))))))
.

2010-03-31 14:27 . 2010-03-31 14:28 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-03-31 14:27 . 2010-03-31 14:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-31 14:27 . 2010-03-31 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-31 13:50 . 2010-02-12 16:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-31 13:50 . 2010-02-01 18:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-31 13:34 . 2010-03-31 13:47 -------- d-----w- C:\32788R22FWJFW
2010-03-31 11:04 . 2010-03-31 11:04 93056 ----a-w- C:\ugrdipow.sys
2010-03-31 08:38 . 2010-02-02 08:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-31 08:38 . 2010-02-02 08:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-31 08:38 . 2010-02-02 08:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-31 08:38 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-31 08:38 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-31 08:38 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-03-31 08:38 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-31 08:38 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-31 08:38 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-31 08:30 . 2010-03-31 08:30 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 07:41 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-31 07:41 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-31 07:41 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-31 07:41 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-31 07:41 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-30 14:27 . 2010-03-31 14:16 -------- d-----w- c:\program files\Spyware Doctor
2010-03-30 14:27 . 2010-03-31 07:41 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-30 14:27 . 2010-03-30 14:55 -------- d-----w- c:\programdata\PC Tools
2010-03-30 14:27 . 2010-03-30 14:27 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Tools
2010-03-28 15:23 . 2010-02-25 08:13 11776 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-03-26 14:03 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 14:03 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 14:03 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 14:03 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-26 14:03 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-24 08:53 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\Scxpx86.dll
2010-03-24 08:53 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSvix86.sys
2010-03-24 08:53 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSXpx86.sys
2010-03-24 08:53 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSxpx86.dll
2010-03-24 08:53 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSviA64.sys
2010-03-23 20:52 . 2010-03-23 20:52 144053 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\uninstall.exe
2010-03-16 13:29 . 2010-01-05 14:57 545280 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-03-16 13:29 . 2010-01-05 14:57 344064 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-03-16 13:29 . 2010-01-05 14:57 153600 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-03-16 13:29 . 2010-01-05 14:57 103424 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-03-16 13:29 . 2010-01-05 14:57 57856 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-03-16 13:29 . 2010-01-05 14:57 4725760 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-03-15 00:07 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll
2010-03-15 00:07 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys
2010-03-15 00:07 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys
2010-03-15 00:07 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll
2010-03-15 00:07 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys
2010-03-13 19:11 . 2010-03-13 19:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 18:02 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 18:02 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 18:02 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-08 05:21 . 2010-03-08 05:21 -------- d-----w- c:\programdata\Symantec
2010-03-07 23:36 . 2010-03-07 23:42 -------- d-----w- c:\users\Paul\Incomplete
2010-03-07 21:26 . 2010-03-07 21:23 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-07 21:26 . 2010-03-07 21:23 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-07 21:26 . 2010-03-07 21:23 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-03-07 21:24 . 2010-03-07 21:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-07 21:24 . 2010-03-07 21:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-07 21:24 . 2010-03-07 21:24 -------- d-----w- c:\program files\Symantec
2010-03-07 21:23 . 2010-03-07 21:23 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-07 21:23 . 2010-03-07 21:23 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-07 21:23 . 2010-03-07 21:23 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-07 21:23 . 2010-03-11 01:08 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-07 21:23 . 2010-03-07 21:23 -------- d-----w- c:\program files\NortonInstaller
2010-03-07 20:56 . 2010-03-07 21:23 -------- d-----w- c:\programdata\NortonInstaller
2010-03-07 18:29 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-05 22:00 . 2010-03-05 22:00 -------- d-----w- c:\program files\NortonInstaller(21)

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2055-09-19 06:29 . 2009-09-19 06:00 2012 ----a-w- c:\windows\system32\NAV_75_cltDynam.dat
2010-03-31 13:57 . 2008-01-21 07:15 621952 ----a-w- c:\windows\system32\perfh007.dat
2010-03-31 13:57 . 2008-01-21 07:15 123852 ----a-w- c:\windows\system32\perfc007.dat
2010-03-31 13:49 . 2009-02-25 18:27 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-31 09:52 . 2009-02-22 13:38 124392 ----a-w- c:\users\Paul\AppData\Roaming\nvModes.dat
2010-03-31 09:28 . 2009-10-18 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 15:40 . 2010-02-12 16:55 -------- d-----w- c:\program files\QuickTime
2010-03-30 15:40 . 2009-11-07 16:19 -------- d-----w- c:\program files\Lexmark 4800 Series
2010-03-30 15:40 . 2009-10-16 21:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-30 15:40 . 2009-03-09 18:32 -------- d-----w- c:\program files\Glary Utilities
2010-03-30 15:40 . 2009-02-19 17:29 -------- d-----w- c:\program files\Launch Manager
2010-03-30 15:40 . 2009-03-11 18:05 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc
2010-03-30 15:40 . 2009-02-21 22:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Azureus
2010-03-30 15:25 . 2009-02-23 21:10 -------- d-----w- c:\programdata\Google Updater
2010-03-29 22:46 . 2009-10-18 09:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-10-18 09:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 02:53 . 2010-02-08 00:39 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-28 02:52 . 2009-12-16 12:47 -------- d-----w- c:\program files\Warcraft III
2010-03-24 11:33 . 2009-04-27 18:56 -------- d-----w- c:\users\Paul\AppData\Roaming\ICQ
2010-03-24 08:59 . 2009-02-24 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss
2010-03-23 20:52 . 2009-08-17 19:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Move Networks
2010-03-23 20:52 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
2010-03-13 19:15 . 2010-02-11 20:03 -------- d-----w- c:\program files\Safari
2010-03-11 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 18:07 . 2008-03-25 14:26 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 16:13 . 2009-02-23 19:48 -------- d-----w- c:\programdata\Lx_cats
2010-03-09 15:35 . 2010-03-09 15:35 800792 ----a-w- c:\programdata\SPLBE4E.tmp
2010-03-09 14:09 . 2009-02-21 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\LimeWire
2010-03-07 21:29 . 2009-11-21 12:02 -------- d---a-w- c:\programdata\Norton
2010-03-07 21:24 . 2010-03-07 21:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-07 21:24 . 2010-03-07 21:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-07 21:23 . 2010-01-22 15:24 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-03-05 22:00 . 2009-11-10 22:39 -------- d-----w- c:\program files\Norton Internet Security
2010-02-24 14:23 . 2009-02-19 17:28 163008 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-05 19:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 23:18 . 2009-02-17 13:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-23 06:39 . 2010-03-31 09:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 18:07 . 2008-03-25 14:28 -------- d-----w- c:\program files\Microsoft Works
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 00:03 . 2010-02-18 00:03 739216 ----a-w- c:\programdata\SPLB5D9.tmp
2010-02-17 23:54 . 2010-02-17 23:54 734444 ----a-w- c:\programdata\SPL878E.tmp
2010-02-17 21:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-17 21:01 . 2010-02-17 21:01 -------- d-----w- c:\program files\Microsoft.NET
2010-02-17 20:57 . 2010-02-17 20:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-12 21:34 . 2009-11-18 22:05 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype
2010-02-12 20:10 . 2009-11-18 22:11 -------- d-----w- c:\users\Paul\AppData\Roaming\skypePM
2010-02-12 00:37 . 2009-02-22 09:31 -------- d-----w- c:\users\Paul\AppData\Roaming\Apple Computer
2010-02-11 20:20 . 2010-02-11 20:08 -------- d-----w- c:\program files\iTunes
2010-02-11 20:20 . 2009-02-22 10:17 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2010-02-11 20:08 . 2010-02-11 20:08 -------- d-----w- c:\program files\iPod
2010-02-11 20:08 . 2009-02-22 09:28 -------- d-----w- c:\program files\Common Files\Apple
2010-02-11 20:04 . 2010-02-11 20:04 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-11 20:01 . 2010-02-11 20:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-02-06 17:50 . 2009-04-27 18:55 -------- d-----w- c:\program files\ICQ6.5
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-01-25 12:00 . 2010-02-24 08:11 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:11 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:11 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:11 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:11 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:11 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 08:11 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 08:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 08:11 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 08:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 08:11 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 08:11 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 08:11 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 08:11 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 08:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Arrangment on Splitted Screen"="c:\program files\Acer Inc\Acer GridVista\GridVistaULH.exe" [2008-03-05 387592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck turegopt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 22:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f8,1c,35,9d,60,e6,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 721904]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-07 102448]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-07 310320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-07 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-07 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100326.001\IDSvix86.sys [2009-10-28 343088]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-03-07 117640]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [2008-10-21 267720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-07 48688]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Inhalt des "geplante Tasks" Ordners

2010-03-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-09 17:27]

2010-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:18]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67386191-2426360508-2556992975-1000Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 22:41]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67386191-2426360508-2556992975-1000UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 22:41]

2010-03-31 c:\windows\Tasks\User_Feed_Synchronization-{153A8F6C-A7A6-4B92-9CA4-2BB3567614F2}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.orf.at
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Paul\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 16:28
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-67386191-2426360508-2556992975-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4e,9b,c2,2d,b5,ea,56,2a,cd,08,6d,31,aa,55,40,7d,de,28,0e,06,1d,
c2,a0,85,58,73,c9,92,30,25,a5,19,24,90,04,ec,30,c9,0c,bc,9c,e9,39,f4,a2,cb,\
"rkeysecu"=hex:aa,48,7a,6f,e1,c6,da,07,36,b8,76,1f,69,ec,b5,14

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000000a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(656)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
Zeit der Fertigstellung: 2010-03-31 16:44:08
ComboFix-quarantined-files.txt 2010-03-31 14:43

Vor Suchlauf: 11 Verzeichnis(se), 27.486.109.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 27.459.543.040 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FF773806A5E60AC83E69ED8FF0CE4AC0
Seitenanfang Seitenende
01.04.2010, 12:39
Member

Beiträge: 3716
#12 nutze norman tdss cleaner:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html
je nach dem ob das programm neustartet, werden 1 oder 2 logs ersellt, poste diese
Seitenanfang Seitenende